The rise of stolen identities and AI-based attacks

• Stolen identities in 2022 exposed 1.5 billion user records, cost businesses an average of US$9.4 million per breach. 
• AI-driven fraud attacks also create a larger threat landscape for consumers and enterprises. 

Stolen identities being used to infiltrate an organization is nothing new – attackers have been doing it for a long time and will likely continue. What makes matters more complicated these days is how artificial intelligence (AI) makes it more difficult for the average human to identify such threats. 

That is precisely what has been highlighted by ForgeRock in its 2023 Identity Breach Report. The US-based identity and access management software company revealed that stolen identities continue to cause massive breaches, exposing 1.5 billion user records and costing businesses an average of US$9.4 million per breach in 2022. 

“As more identities are stolen each year, AI-driven fraud attacks are creating a larger threat landscape for consumers and enterprises alike,” ForgeRock noted. On top of that, with the use of new technologies like generative AI, tactics such as phishing emails, malicious code, and voice or video-based impersonation, otherwise known as “deep fakes,” are becoming more common and challenging to detect. 

The ForgeRock 2023 Identity Breach Report underscores that attackers continue to target credentials and use them as a stepping stone to infiltrate an organization across industries and geographies. “The compromise of one single authorized identity of an employee inside an enterprise or of a service provider to the enterprise can cause a serious breach or ransomware attack affecting millions of consumers,” the report reads.

The tricky affair of stolen identities 

ForgeRock’s chief technology officer Eve Maler noted that even if every employee is trained in security best practices, it takes just one accidental click on a malicious link in a legitimate-looking email to open the door to an intruder. What follows could be being taken over, data stolen, and systems brought down. 

“The results can be devastating and far-reaching for the organization, its customers, and other companies it shares data with,” Maler added. Still, from the intruder’s standpoint, it only takes one compromised identity, she reiterated. The report also highlighted that from 2018 to 2022, breached records containing stolen identities rose by more than 350%. “During this period, the number of records containing protected health information (PHI) also rose by 160%,” Maler shared.

ForgeRock’s report also showed that in 2022, attacks targeting organizations through third-party service providers accounted for 52% of all breaches, illustrating the interconnectedness of identities. “Healthcare and education emerged as the most vulnerable industry sectors,” the report reads.

Other key findings from this year’s report include;

• Unauthorized access is the leading cause of breaches for the fifth consecutive year.
• 52% of all reported breaches came through third-party partners and suppliers. 
• Healthcare remains a top target, with attacks increasing by 50% compared to 2021.
• Social Security Number and date of birth information were exposed in 72% of breaches.
• Attacks within the financial services sector decreased by 29%, but nearly half of those attacks affected the insurance industry.

Almost half of all crimes in Singapore are cybercrimes

ForgeRock’s report noted that the Singapore Cyber Landscape (SCL) 2021 Report reveals the “staggering truth” that almost half of all crimes (48%) that happen in the city-state are cybercrimes. “The biggest contributor to successful attacks in Singapore was phishing scams, accounting for more than 18,000 incidents in 2021 (a 50% increase over the previous year),” the report reads.

The second leading attack method was unauthorized access, which was used in more than 3,700 cases, similar to 2020. Cyber extortion dramatically increased to 420 points in 2021, compared to 245 in 2020. “Ransomware also rose, with a 54% increase in cases reported to SingCERT in 2021, continuing a steady trend from 2019,” ForgeRock noted.

Ransomware incidents in Singapore primarily impacted small and medium enterprises (SMEs) in the manufacturing and IT industries. ForgeRock’s senior VP of Asia Pacific & Japan, David Hope, shared that over the past several years, the Singapore government has taken a proactive stance against combatting the always-on threat of cybercrime. 

“We’ve seen the introduction of new programs and measures to build a sustainable pipeline of cybersecurity talent, increased investment in relevant research & development, and more grants and subsidies awarded to businesses to help them improve their cybersecurity posture,” he added.

However, Hope said the constantly evolving threat landscape requires a united front from the government, private businesses, and consumers. “Additionally, there will always be new risks to manage, so organizations must be flexible and constantly educate their workforces about new and evolving attacks.”

The emergence of new technologies like generative AI is reshaping the workplace, and Hope sees that as increased risks to privacy and intellectual property. “But that doesn’t mean we relegate AI or these new technologies to the margins. They can help build zero-trust identity and help people safely access online services, ushering in a new era of connectedness and infinite possibilities,” he concluded.

---

---

---

---